This unit introduces students to information systems audit and assurance. An information systems (IS) audit is part of the overall audit process and is important for good corporate governance. This unit further develops an understanding of internal and operational controls as well as knowledge of the organisation as it relates to IS audit and assurance. Students will examine the risks associated with information systems using frameworks that provide professional standards, guidelines, tools and techniques for IS audit and control.

The risk-based approach to IS audit is developed so that students have an understanding of inherent risks, control risks and detection risks. Students will have exposure to computer auditing tools and techniques that both directly and indirectly examine the internal logic of an organisation’s applications. In this unit students develop graduate capabilities in a range of areas, including: critical analysis skills in information management and analysis; problem-solving skills in sourcing and identifying relevant information and interpreting output in a multidisciplinary environment; and communication and negotiation skills.

Prepared by Dr. Savanid Vatanasakdakul

Learning outcomes
Having completed this subject, students should be able to:
1. evaluate and demonstrate the importance of IS Audit for IS Governance for organisations.
2. show how the role of an IS auditor adds value to an organisation
3. assess IS risks and controls and their implications for organisations
4. explain how IS audit objectives provide effective IS Governance
5. evaluate and explain IS audit tools and techniques
6. explore and explain the key trends of IS audit and governance and the implications for individuals, organisations and society.

Consultation times
• Consultations start from week 3. The consultation timetable with all staff’s contact details and consultation times will be available on the unit’s website.
• You are encouraged to seek help at a time that is convenient to you from a staff member teaching on this unit during their regular consultation hours. Ordinarily, staff would not expect to be contacted outside these designated hours.

Time Requirement
• As a guide, your working week for ACCG358 should consist of the following time commitments:
  – Lecture 1.5 hours
  – Tutorial 1.5 hours
  – Independent study 6 hours

Textbook
• Hall, James A. (2012), Information Technology Auditing, International Edition 3e, South Western Cengage Learning

Tutorial attendance
It is important that you attend the tutorial that you are enrolled in. If you attend a tutorial that you are not enrolled in, it will not be counted toward the attendance record, with the exception of tutorials held in the week of public holidays.
• Any changes to tutorials must be made through e-student. You have to finalise your classes by the end of week 2, after which changes are no longer possible.
• No exception for tutorial attendance and late assignments will be granted for students who are enrolled late in this subject.
• Your attendance may not be marked if you arrive more than 15 minutes late to your tutorials, unless there is an appropriate reason provided to your tutors.

Satisfactory performance
• Special consideration will be determined after consideration of a student’s performance in all aspects of the course.
• For performance to be considered satisfactory for this unit, students must have submitted all assessment tasks and achieved at least 50 percent of the total internal assessment marks.

Chapter 1: Auditing, Assurance, and Internal Control

Objectives
• to evaluate and demonstrate the importance of IS Audit for IS Governance for organisations.
• to show how the role of an IS auditor adds value to an organisation
• to understand the structure of an audit and have a firm grasp of the conceptual elements of the audit process
• to understand the COSO framework

Auditing
• Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria, and communicating the results to interested users.

Internal Audits
Internal auditing: independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization
• Financial Audits
• Operational Audits
• Compliance Audits
• Fraud Audits

External Audit
External auditing: Objective is that in all material respects, financial statements are a fair representation of the organization’s transactions and account balances.
• SEC’s role (United States Securities and Exchange Commission)
• Sarbanes-Oxley Act

External vs Internal Audit
• Comparing the key differences and similarities between external audit and internal audit
  – Role and responsibility of external auditors vs internal auditors
  – Qualification
  – Scope of work
  – Audit period
  – etc.

Attest Services
Requirements of attestation services
• Written assertions and practitioner’s written report
• Formal establishment of measurement criteria
• Limited to examination, review, and application of agreed-upon procedures

Advisory Services
Advisory services
• Professional services offered by public accounting firms to improve their client organizations’ operational efficiency and effectiveness
• Services include:
  – Actuarial advice
  – Business advice
  – Fraud investigation services
  – Information system design and implementation
  – Internal control assessments for compliance with SOX

Financial audit
• An independent attestation performed by an expert (i.e., an auditor, a CPA) who expresses an opinion regarding the presentation of financial statements
• Key concept: Independence
• Culmination of systematic process involving:
  – Familiarization with the organization’s business
  – Evaluating and testing internal controls
  – Assessing the reliability of financial data
• Product is formal written report that expresses an opinion about the reliability of the assertions in financial statements; in conformity with GAAP

GAAP = Generally Accepted Accounting Principles: the standard framework of guidelines for financial accounting used in any given jurisdiction; generally known as accounting standards.

IS/IT audit
IT audits: provide audit services where processes or data, or both, are embedded in technologies.
• Subject to ethics, guidelines, and standards of the profession (if certified)
  – CISA
  – Most closely associated with ISACA
• Joint with internal, external audits
• Scope of IT audit coverage is increasing
• Characterized by CAATTs
• IT governance as part of corporate governance

Role of Audit Committee
• Selected from board of directors
• Usually three members
• Outsiders (SOX now requires it)
• Fiduciary responsibility to shareholders
• Serve as independent check and balance system
• Interact with internal auditors
• Hire, set fees, and interact with external auditors
• Resolve conflicts of GAAP between external auditors and management

Auditing standard
• Auditing standards
  – Set by the American Institute of Certified Public Accountants (AICPA)
• Authoritative
1) Ten Generally Accepted Auditing Standards (GAAS)
  – A framework for prescribing auditor performance, but it is not sufficiently detailed to provide meaningful guidance in specific circumstances.
  – Three categories: General Standards; Standards of Field Work; Reporting Standards
2) Statements on Auditing Standards (SASs)
  – The first SAS issued by AICPA in 1972
  – An interpretation of GAAS

Generally Accepted Auditing Standards

General Standards
1. The auditor must have adequate technical training and proficiency.
2. The auditor must have independence of mental attitude.
3. The auditor must exercise due professional care in the performance of the audit and the preparation of the report.

Standards of Field Work
1. Audit work must be adequately planned.
2. The auditor must gain a sufficient understanding of the internal control structure.
3. The auditor must obtain sufficient, competent evidence.

Reporting Standards
1. The auditor must state in the report whether financial statements were prepared in accordance with generally accepted accounting principles.
2. The report must identify those circumstances in which generally accepted accounting principles were not applied.
3. The report must identify any items that do not have adequate informative disclosures.
4. The report shall contain an expression of the auditor’s opinion on the financial statements as a whole.

Audits
• Systematic process
• Five primary management assertions, and correlated audit objectives and procedures [Table 1-2]:
  – Existence or Occurrence
  – Completeness
  – Rights and Obligations
  – Valuation or Allocation
  – Presentation and Disclosure

Audits
Phases:
1. Planning
2. Obtaining evidence
  – Tests of Controls
  – Substantive Testing
  – CAATTs
  – Analytical procedures
3. Ascertaining reliability
  – MATERIALITY = Auditors must determine whether weaknesses in internal controls and misstatements found in transactions and account balances are material.
  – The assessment of what is material is a matter of professional judgment.
4. Communicating results
  – Audit opinion

Audit Risk
• The probability that the auditor will give an inappropriate opinion on the financial statements: that is, that the statements will contain material misstatement(s) which the auditor fails to find
• Acceptable audit risk (AR) = level of audit risk that is acceptable to the auditor.

Audit Risk Components
Inherent Risk:
• Unique characteristic of the business or industry of the client.
• The probability that material misstatements have occurred
• Relative risk (e.g., cash)

Control Risk:
• The probability that the internal controls will fail to detect material misstatements
• Auditors assess the level of control risk by performing tests of internal controls.

Detection Risk:
• The risk that auditors are willing to take that errors not detected or prevented by the control structure will also not be detected by the auditor.
• The probability that the audit procedures will fail to detect material misstatements
• Auditors set an acceptable level of detection risk that influences the level of substantive tests that they perform.

Audit Risk Formula
AUDIT RISK MODEL: AR = IR * CR * DR
Example: IR = 40%, CR = 60%, AR = 5% (fixed)
.05 = .4 * .6 * DR
DR = .05/.24
DR = .20

What is an IT Audit?
…most accounting transactions to be in electronic form without any paper documentation because electronic storage is more efficient. … These technologies greatly change the nature of audits, which have so long relied on paper documents.

The IT Environment
• There has always been a need for an effective internal control system.
• The design and oversight of that system has typically been the responsibility of accountants.
• The I.T. environment complicates the paper systems of the past.
  – Concentration of data
  – Expanded access and linkages
  – Increase in malicious activities in systems vs. paper
  – Opportunity that can cause management fraud (i.e., override)

The IT Environment
• Audit planning
• Tests of controls
• Substantive tests
• CAATTs

Internal Control System
• Comprises policies, practices, and procedures to achieve four broad objectives:
  – To safeguard assets of the firm
  – To ensure the accuracy and reliability of accounting records and information
  – To promote efficiency in the firm’s operations
  – To measure compliance with management’s prescribed policies and procedures.

Modifying Principles
1. Management responsibility
2. Methods of data processing
  – Objectives same regardless of DP method
  – Specific controls vary with different technologies
3. Limitations
4. Reasonable assurance
  – No control system is perfect
  – Benefits >= costs

Modifying Principles
Limitations:
• Possibility of error
• Possibility of circumvention
• Management override
• Changing conditions

Exposures and Risk
• Exposure: absence or weakness of a control
• Risks: potential threat to compromise use or value of organizational assets
• Types of risk
  – Destruction of assets
  – Theft of assets
  – Corruption of information or the I.S.
  – Disruption of the I.S.

The PDC Model
• Preventive controls
• Detective controls
• Corrective controls
Which is most cost effective? Which ones tend to be proactive measures? Can you give an example of each?

COSO Internal Control Framework
• COSO (Treadway Commission)
  – The control environment
  – Risk assessment
  – Information & communication
  – Monitoring
  – Control activities

The Control Environment
Describe how each one could adversely affect internal control.
• The integrity and ethical values
• Structure of the organization
• Participation of audit committee
• Management’s philosophy and style
• Procedures for delegating

The Elements of the Control Environment
• Integrity and ethical values of management
• Structure of the organization
• Participation of the organization’s board of directors and the audit committee
• Management’s philosophy and operating style
• Procedures for delegating responsibility and authority
• Management’s methods for assessing performance
• External influences
• Organization’s policies and practices for managing human resources

Techniques Used to Understand the Control Environment
Describe possible activity or tool for each.
• Assess the integrity of organization’s management
• Conditions conducive to management fraud
• Understand client’s business and industry
• Determine if board and audit committee are actively involved
• Study organization structure

Risk Assessment
• Changes in environment
• Changes in personnel
• Changes in I.S.
• New IT’s
• Significant or rapid growth
• New products or services (experience)
• Organizational restructuring
• Foreign markets
• New accounting principles

Elements of Information and Communication
• Initiate, identify, analyze, classify and record economic transactions and events.
• Identify and record all valid economic transactions
• Provide timely, detailed information
• Accurately measure financial values
• Accurately record transactions

Techniques Used to Understand Information and Communication Structures
Auditors obtain sufficient knowledge of I.S.’s to understand:
• Classes of transactions that are material
• Accounting records and accounts used
• Processing steps: initiation to inclusion in financial statements (illustrate)
• Financial reporting process (including disclosures)

Monitoring
• By separate procedures (e.g., tests of controls)
• By ongoing activities (Embedded Audit Modules – EAMs and Continuous Online Auditing – COA)

Executive Summary
The dependence of businesses and individuals on technology has risen tremendously with the birth of newer and more convenient technologies. With the increasing use of technology, the risk associated with it increases. This creates a pressing need for mechanisms to prevent, detect and correct such potential risks and breaches. The IT security of technology providers has to be robust in order to safeguard systems against any breach. This report focuses on the cases in which the security of iCloud has potentially been breached and analyses the risks associated with iCloud. It further identifies the areas which need to undergo audit, which can help prevent and detect potential breaches. It also recommends mechanisms which can help mitigate iCloud security risks.
